Ok, so I get how to assign roles to privileges and then to a REST enabled table. What I don't get is how to assign the privilege to a user.
It seems that these roles/privileges are NOT the same as database roles that we have had for so long and I don't get how to grant them to a user.
So, we're using PING and AD for our authentication and connection pooling such that no one is actually logging into the DB as themselves. The apps have an Angular front-end accessed via a web browser.
How do I grant these permissions to the users who authenticate through PING? I assume I can get the userid from the header, BUT if I'm using the REST enabled tables, I don't have any pl/sql with which to check/set permissions.
Does the generated code somehow use the "implicit parameters" to check security?
The examples I find all seem to use the java "ords.war user" command to set up users. Our users would exist in AD (they probably also have DB users but I don't think we want to use that)
I just don't understand how I map privileges to the user that gets authenticated via Ping/AD
Similarly how do I get the userid for the user so that I can set auditing columns in a trigger?